1 From 354196c027e81affb05163a6c3676eef1ba06dd9 Mon Sep 17 00:00:00 2001
2 From: Zoran Pericic <zpericic@netst.org>
3 Date: Sat, 25 Jan 2020 19:38:39 +0100
4 Subject: [PATCH] nhrp: Make vici socket path configurable
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 nhrp: Configure vici socket path using
11 configure --with-vici-socket=/var/run/charon.vici
13 If not specified default to /var/run/charon.vici
15 Signed-off-by: Zoran Peričić <zpericic@netst.org>
17 configure.ac | 8 ++++++++
18 doc/user/installation.rst | 4 ++++
19 nhrpd/README.nhrpd | 3 ++-
21 4 files changed, 15 insertions(+), 2 deletions(-)
25 @@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_ST
27 AC_SUBST([yangmodelsdir])
29 +AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [
30 + vici_socket="$withval"
32 + vici_socket="/var/run/charon.vici"
34 +AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path])
36 AC_ARG_ENABLE(tcmalloc,
37 AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
38 [case "${enableval}" in
39 @@ -2480,6 +2487,7 @@ group for vty sockets : ${enable_vty_g
40 config file mask : ${enable_configfile_mask}
41 log file mask : ${enable_logfile_mask}
42 zebra protobuf enabled : ${enable_protobuf:-no}
43 +vici socket path : ${vici_socket}
45 The above user and group must have read/write access to the state file
46 directory and to the config files in the config file directory."
47 --- a/doc/user/installation.rst
48 +++ b/doc/user/installation.rst
49 @@ -383,6 +383,10 @@ options to the configuration script.
50 Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR
51 YANG modules will be installed here.
53 +.. option:: --with-vici-socket <path>
55 + Set StrongSWAN vici interface socket path [/var/run/charon.vici].
57 Python dependency, documentation and tests
58 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
60 --- a/nhrpd/README.nhrpd
61 +++ b/nhrpd/README.nhrpd
62 @@ -126,7 +126,8 @@ Integration with strongSwan
64 Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
65 Currently strongSwan is supported using the VICI protocol. strongSwan
66 -is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
67 +is connected using UNIX socket (default /var/run/charon.vici use configure
68 +argument --with-vici-socket= to change).
69 Thus nhrpd needs to be run as user that can open that file.
71 Currently, you will need patched strongSwan. The working tree is at:
74 @@ -478,7 +478,7 @@ static int vici_reconnect(struct thread
78 - fd = sock_open_unix("/var/run/charon.vici");
79 + fd = sock_open_unix(VICI_SOCKET);
81 debugf(NHRP_DEBUG_VICI,
82 "%s: failure connecting VICI socket: %s", __func__,